all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2022-3236: Sophos Firewall User Portal and Web Admin Code Injection

Add to bookmarks
Oct. 19, 2022, 2 p.m. | Trend Micro Research Team

Zero Day Initiative - Blog www.zerodayinitiative.com

In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Guy Lederfein and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched code injection vulnerability in the Sophos Firewall. The bug is due to improper validation of JSON keys submitted in the “JSON” parameter sent to the Controller endpoint. Successful exploitation of this vulnerability could result in remote code execution with the privileges of the root user. The following is a portion of their write-up …

blog post code code injection cve firewall injection portal sophos sophos firewall web

Visit resource

More from www.zerodayinitiative.com / Zero Day Initiative - Blog

CVE-2024-20697: Windows Libarchive Remote Code Execution Vulnerability 1 week ago | www.zerodayinitiative.com
amp blog post bug code +25
The April 2024 Security Updates Review 2 weeks, 1 day ago | www.zerodayinitiative.com
adobe april blog post can +12
Pwn2Own Vancouver 2024 - Day Two Results 1 month ago | www.zerodayinitiative.com
blog post chrome edge event +10
Pwn2Own Vancouver 2024 - Day One Results 1 month ago | www.zerodayinitiative.com
blog blog post browser day one +11
Pwn2Own Vancouver 2024 - The Full Schedule 1 month ago | www.zerodayinitiative.com
blog post
The March 2024 Security Update Review 1 month, 1 week ago | www.zerodayinitiative.com
adobe blog post can check +14
CVE-2023-36049: Microsoft .NET CRLF Injection Arbitrary File Write/Deletion Vulnerability 1 month, 2 weeks ago | www.zerodayinitiative.com
arbitrary file write blog post bug crlf injection +26
The February 2024 Security Update Review 2 months, 1 week ago | www.zerodayinitiative.com
adobe blog post february latest +11
CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability 2 months, 2 weeks ago | www.zerodayinitiative.com
avalanche blog post code code execution +32

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Security Audit and Compliance Technical Analyst

@ Accenture Federal Services | Washington, DC
View on infosec-jobs.com

ICS Cyber Threat Intelligence Analyst

@ STEMBoard | Arlington, Virginia, United States
View on infosec-jobs.com

Cyber Operations Analyst

@ Peraton | Arlington, VA, United States
View on infosec-jobs.com

Cybersecurity – Information System Security Officer (ISSO)

@ Boeing | USA - Annapolis Junction, MD
View on infosec-jobs.com

Network Security Engineer I - Weekday Afternoons

@ Deepwatch | Remote
View on infosec-jobs.com
View more jobs